<?php
// Start (or resume) the PHP session before any output is produced;
// User::login() further down writes $_SESSION['name'], ['gender'] and ['auth'].
session_start();
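/**
 * Opens the process-wide ext/mysql link that the rest of this file uses
 * implicitly (User::qry() calls mysql_query() without a link argument).
 *
 * NOTE(review): ext/mysql was deprecated in PHP 5.5 and removed in 7.0, so
 * this file only runs on PHP 5.x. Moving to PDO/mysqli also requires
 * changing User::qry(), which is why it is not done here.
 */
class Connection{
    
    // NOTE(review): live credentials, hard-coded and publicly readable
    // (`var` was already public). Loading them from configuration outside
    // the web root would be safer; kept public so existing readers still work.
    public $username   ="root";
    public $password   ="";
    public $database   ="db_msrp_sgba";
    public $host       ="localhost";
    
    /**
     * Connects to the configured server and selects the configured database.
     *
     * Terminates the script when either step fails. The original ignored a
     * failed mysql_connect() and @-suppressed the select_db warning, which
     * hid the real cause from the error log.
     *
     * @return void
     */
    public function connectdb()
    {
        $link = mysql_connect($this->host, $this->username, $this->password);
        if ($link === false) {
            // Deliberately generic: no driver details are shown to the client.
            die("Unable to connect to database server");
        }
        // No @-suppression: a failed select should show up in the error log.
        if (!mysql_select_db($this->database, $link)) {
            die("Unable to select database");
        }
    }
    
}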

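// Open the shared ext/mysql link at load time; User::qry() below relies on it.
// The class is declared as `Connection`; PHP resolves class names
// case-insensitively, but the spelling now matches the declaration.
$con = new Connection();
$con->connectdb();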

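/**
 * Data-access helper for tbl_login / tbl_user.
 *
 * Relies on the implicit ext/mysql link opened by Connection::connectdb()
 * earlier in this file; every query goes through qry().
 *
 * NOTE(review): passwords are stored and compared as plain text (see login()
 * and addUser()). Switching to password_hash()/password_verify() needs a
 * column migration as well as code changes, so it is only flagged here.
 */
class User{
    
    // login() inputs
    public $username;
    public $password;
    
    // addUser() inputs
    public $lastname;
    public $firstname;
    public $middlename;
    public $gender;
    public $address;
    public $department;
    public $position;
    public $auth;
    public $email;
    public $username_adduser;
    
    // Initial LOG_password written by addUser() for every new account.
    // NOTE(review): one shared, hard-coded initial password for all users;
    // at minimum new users should be forced to change it on first login.
    const DEFAULT_PASSWORD = 'leomarzero';
    
    /**
     * Runs a query built from a template with positional `?` placeholders.
     *
     * Each `?` is replaced, in order, by the corresponding extra argument
     * after mysql_real_escape_string(). The template supplies the quotes
     * (e.g. `'?'`), so placeholders are only safe inside quoted string
     * literals; the values are escaped, not typed.
     *
     * @param string $query SQL template; any further arguments are the values
     * @return resource|bool result resource for SELECT, true for INSERT/UPDATE/DELETE
     * @throws Exception when the argument count is short or the query fails
     */
    public function qry($query) {
        $args  = func_get_args();
        $query = array_shift($args);
        
        // Fail early instead of letting sprintf() produce false and sending
        // an empty query to the server.
        if (count($args) < substr_count($query, '?')) {
            throw new Exception("qry(): not enough values for the placeholders in the query");
        }
        
        // Escape the values first; they are substituted as plain strings, so a
        // '%' or '?' inside a value is never re-interpreted below.
        $args = array_map('mysql_real_escape_string', $args);
        
        // A literal '%' in the template has to survive vsprintf(), then each
        // '?' becomes a %s slot. The two replacements run in this order, so the
        // '%' introduced by '%s' is not escaped again.
        $format = str_replace(array('%', '?'), array('%%', '%s'), $query);
        $query  = vsprintf($format, $args);
        
        $result = mysql_query($query);
        if ($result === false) {
            // Previously die(mysql_error()), which printed driver details to
            // the client; raising lets the caller decide what to show.
            throw new Exception(mysql_error());
        }
        return $result;
    }
    
    /**
     * Authenticates $this->username / $this->password against tbl_login.
     *
     * On success the session id is regenerated and $_SESSION['name'],
     * ['gender'] and ['auth'] are filled from the matching tbl_user row;
     * when no tbl_user row exists the session values are skipped but the
     * login still counts as successful (original behaviour).
     *
     * @return bool true when a tbl_login row matched, false otherwise
     * @throws Exception propagated from qry()
     */
    public function login(){
        // NOTE(review): the password is matched by the database as a plain
        // string, i.e. it is stored unhashed and, with the usual MySQL
        // collations, compared case-insensitively.
        $sql = "
                SELECT
                    *
                FROM
                    tbl_login
                WHERE
                    LOG_username='?' AND
                    LOG_password = '?'
                ";
        
        $result = $this->qry($sql, $this->username, $this->password);
        $row    = mysql_fetch_assoc($result);
        
        // mysql_fetch_assoc() returns false when nothing matched; the old
        // `$row != "Error"` test never detected that case.
        if ($row === false) {
            return false;
        }
        if ($row['LOG_username'] == "" || $row['LOG_password'] == "") {
            return false;
        }
        
        // A fresh session id after authentication so a session id fixed
        // before login is not kept.
        session_regenerate_id(true);
        
        $result1 = $this->qry("SELECT * FROM tbl_user WHERE USER_username = '?'", $row['LOG_username']);
        $row1    = mysql_fetch_assoc($result1);
        if ($row1 !== false) {
            $_SESSION['name']   = $row1['USER_firstname'] ." ".$row1['USER_middlename'] ." ". $row1['USER_lastname'];
            $_SESSION['gender'] = $row1['USER_gender'];
            $_SESSION['auth']   = $row['LOG_auth'];
        }
        return true;
    }
    
    /**
     * Inserts a tbl_user profile row and a tbl_login row for
     * $this->username_adduser; the login row gets self::DEFAULT_PASSWORD
     * and $this->auth.
     *
     * The two INSERTs are not wrapped in a transaction: if the second one
     * fails after the first succeeded, a profile without a login remains.
     *
     * @return string the two query results joined with a space
     *                (mysql_query() returns true for INSERT, so "1 1" on success)
     * @throws Exception propagated from qry()
     */
    public function addUser(){
        $sql = "
                INSERT INTO
                    tbl_user(
                        `USER_lastname`,
                        `USER_firstname`,
                        `USER_middlename`,
                        `USER_gender`,
                        `USER_address`,
                        `USER_department`,
                        `USER_position`,
                        `USER_email`,
                        `USER_username`)
                Values(
                        '?',
                        '?',
                        '?',
                        '?',
                        '?',
                        '?',
                        '?',
                        '?',
                        '?'
                        )
                ";
        $sql2 = "
                 INSERT INTO
                    tbl_login(
                        `LOG_username`,
                        `LOG_password`,
                        `LOG_auth`
                    )
                VALUES(
                    '?',
                    '?',
                    '?'
                )
                ";
        
        // Exactly one value per placeholder; the original call passed two
        // extra arguments that sprintf() silently ignored.
        $result = $this->qry($sql,
                          $this->lastname,
                          $this->firstname,
                          $this->middlename,
                          $this->gender,
                          $this->address,
                          $this->department,
                          $this->position,
                          $this->email,
                          $this->username_adduser);
        
        $result2 = $this->qry($sql2,
                          $this->username_adduser,
                          self::DEFAULT_PASSWORD,
                          $this->auth);
        
        return $result." ".$result2;
    }
    
    /**
     * Fetches every tbl_user row.
     *
     * @return resource mysql result resource (iterate with mysql_fetch_assoc())
     * @throws Exception propagated from qry()
     */
    public function selectUser(){
        return $this->qry("
                SELECT
                    *
                FROM
                    tbl_user
                ");
    }
    
    // A commented-out, never-called draft of register() for
    // tbl_request_birth_certificate used to live here; it built its SQL by
    // string concatenation and was removed (see version history).
    
}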



?>
